Category Started On Completed On Duration Cuckoo Version
FILE 2014-07-21 00:29:34 2014-07-21 00:33:06 212 seconds 1.2-dev
Machine Label Manager Started On Shutdown On
machine3 winxpmacine3 VirtualBox 2014-07-21 00:29:35 2014-07-21 00:33:06

File Details

File name STA-Logistics-Promotional--pamphlets.pdf
File size 112235 bytes
File type PDF document, version 1.5
CRC32 652E3D85
MD5 9364475012c5509a761c544ded164749
SHA1 7eb4abc03c1c555b93dfbffad99a44d95be8439d
SHA256 193330ab92b7179fa81f74b19eca5c36777e46c5f02fd6dcc0884cb0434a89ee
SHA512 36a29bc32d5ba2de6beb0b26088e62f1651e7a388f00e304c0181ca6b762f83919bf14c33219a24cadb26965bab1a01ec795e3e9eb0ca56fcead00ea1351b8c9
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2014-07-21 04:25:53
Detection Rate: 0/53 (Expand)

Signatures

Starts servers listening on 127.0.0.1:0, 0.0.0.0:0
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup

Screenshots

Static Analysis

Nothing to display.

Dropped Files

Eula.exe

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Files
  • C:\DOCUME~1
  • C:\DOCUME~1\TDW
  • C:\DOCUME~1\TDW\LOCALS~1
  • C:\DOCUME~1\TDW\LOCALS~1\Temp
  • C:\Documents and Settings\TDW\Local Settings\Temp\STA-Logistics-Promotional--pamphlets.pdf
  • C:\Documents and Settings\TDW
  • C:\Documents and Settings\TDW\Local Settings\Temp
  • C:\WINDOWS\system32\KBDUS.DLL
  • C:\WINDOWS
  • C:\Program Files\Adobe
  • C:\Program Files\Adobe\Reader 11.0\Reader
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx
  • C:\Documents and Settings\TDW\Application Data\Adobe
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Speech
  • C:\WINDOWS\system32
  • C:\Documents and Settings\TDW\Local Settings\Application Data\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\
  • C:\Documents and Settings\TDW\Local Settings\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Color\ACECache11.lst
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\Documents and Settings\TDW\Application Data\
  • C:\Documents and Settings\TDW\Application Data\Adobe\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdrk.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdr.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Security\services_rdri.dat
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages
  • PIPE\wkssvc
  • IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • MountPointManager
  • STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  • C:\Documents and Settings
  • C:\Documents and Settings\TDW\My Documents
  • C:\Documents and Settings\TDW\My Documents\desktop.ini
  • C:\Documents and Settings\All Users
  • C:\Documents and Settings\All Users\Documents
  • C:\Documents and Settings\All Users\Documents\desktop.ini
  • C:\Documents and Settings\TDW\Desktop
  • C:\Documents and Settings\All Users\Desktop
  • C:\WINDOWS\Registration\R000000000007.clb
  • C:\Program Files\Adobe\Reader 11.0\Reader\Eula.exe
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\UserCache.bin
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\Collab
  • C:\Documents and Settings\TDW\Application Data\desktop.ini
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\
  • C:\Documents and Settings\TDW\Application Data\Adobe\Flash Player\AssetCache\NZNP7GBE
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\FAP1.tmp
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\FAP1.tmp
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents
  • C:\Documents and Settings\TDW\Local Settings\Application Data\Adobe\Acrobat\11.0\SharedDataEvents-journal
  • C:\Documents and Settings\TDW\Local Settings\Temp\
  • PIPE\lsarpc
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\ReaderMessages-journal
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R4BD7.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\67KFYZU9
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\67KFYZU9
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\67KFYZU9\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\67KFYZU9\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\89AB8DEB
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\89AB8DEB
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\89AB8DEB\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\89AB8DEB\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SHW72FM7
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SHW72FM7
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SHW72FM7\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\SHW72FM7\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\0P2R4T67
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\0P2R4T67
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\0P2R4T67\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5\0P2R4T67\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\Cookies\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\index.dat
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\desktop.ini
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files
  • C:\Documents and Settings\TDW\Local Settings\History
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\
  • C:\
  • C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat
  • C:\Documents and Settings\TDW\Cookies\
  • C:\Documents and Settings\TDW\Cookies\index.dat
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\
  • C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat
  • C:\WINDOWS\system32\userenv.dll
  • c:\autoexec.bat
  • C:\Documents and Settings\TDW\Local Settings
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\Certificates\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CRLs\*
  • C:\Documents and Settings\TDW\Application Data\Microsoft\SystemCertificates\My\CTLs\*
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\WINDOWS\system32\Ras\*.pbk
  • C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
  • C:\Documents and Settings\TDW\Cookies\tdw@adobe[2].txt
  • C:\Documents and Settings\TDW\Application Data\Adobe\Acrobat\11.0\assets
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R4BD8.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\A9R4BD8.tmp
  • C:\WINDOWS\system32\shell32.dll
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\acrord32_sbx\A9R4BD9.tmp
  • C:\Documents and Settings\TDW\Local Settings\Temp\acrord32_sbx\A9R4BD9.tmp
Mutexes
  • Global\ARM Update Mutex
  • Global\Acro Update Mutex
  • {100184D2-BDC3-477a-B8D3-65548B67914C}_488
  • _!MSFTHISTORY!_
  • c:!documents and settings!tdw!local settings!temporary internet files!content.ie5!
  • c:!documents and settings!tdw!cookies!
  • c:!documents and settings!tdw!local settings!history!history.ie5!
  • WininetStartupMutex
  • WininetConnectionMutex
  • WininetProxyRegistryMutex
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Privileged
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0
  • HKEY_LOCAL_MACHINE\Software\Adobe\Adobe Acrobat\11.0\Security
  • HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\11.0\Installer
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c1
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003
  • Keyboard Layout\Preload
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_CURRENT_USER\
  • HKEY_CLASSES_ROOT\
  • HKEY_LOCAL_MACHINE\
  • HKEY_USERS\
  • HKEY_CURRENT_CONFIG\
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0
  • HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\11.0
  • HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Justsystem\ATOK\Setup\Folder
  • HKEY_LOCAL_MACHINE\System
  • HKEY_LOCAL_MACHINE\System\Acrobatbrokerserverdispatchercpp789
  • Software\Adobe\Acrobat Reader\11.0\Installer\Migrated
  • Language
  • Software\Adobe\Adobe Synchronizer\11.0
  • Software\Adobe\Adobe Synchronizer\11.0\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
  • HKEY_CLASSES_ROOT\.exe
  • HKEY_CLASSES_ROOT\exefile
  • HKEY_CLASSES_ROOT\exefile\CurVer
  • HKEY_CLASSES_ROOT\exefile\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
  • HKEY_CLASSES_ROOT\SystemFileAssociations\application
  • HKEY_CLASSES_ROOT\exefile\\Clsid
  • HKEY_CLASSES_ROOT\*
  • HKEY_CLASSES_ROOT\*\Clsid
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\
  • HKEY_CLASSES_ROOT\Directory
  • HKEY_CLASSES_ROOT\Directory\CurVer
  • HKEY_CLASSES_ROOT\Directory\
  • HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
  • HKEY_CLASSES_ROOT\Directory\\Clsid
  • HKEY_CLASSES_ROOT\Folder
  • HKEY_CLASSES_ROOT\Folder\Clsid
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  • HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CLASSES_ROOT\.ade
  • HKEY_CLASSES_ROOT\.adp
  • HKEY_CLASSES_ROOT\.app
  • HKEY_CLASSES_ROOT\.asp
  • HKEY_CLASSES_ROOT\.bas
  • HKEY_CLASSES_ROOT\.bat
  • HKEY_CLASSES_ROOT\.cer
  • HKEY_CLASSES_ROOT\.chm
  • HKEY_CLASSES_ROOT\.cmd
  • HKEY_CLASSES_ROOT\.com
  • HKEY_CLASSES_ROOT\.cpl
  • HKEY_CLASSES_ROOT\.crt
  • HKEY_CLASSES_ROOT\.csh
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes
  • HKEY_LOCAL_MACHINE\Software\Classes
  • \REGISTRY\USER
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  • \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • HKEY_CLASSES_ROOT\exefile\\shell\open
  • HKEY_CLASSES_ROOT\exefile\\shell\open\command
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Eula.exe
  • HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
  • HKEY_CLASSES_ROOT\Applications\Eula.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\TreatAs
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServerX86
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32
  • \CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32
  • HKEY_CLASSES_ROOT\AppID\AcroRd32.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles
  • Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Special Paths
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014072120140722
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AUTOPROXY_CACHE_ANAME_KB921400
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CHUNK_TIMEOUT_KB914453
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CERT_TRUST_VERIFIED_KB936882
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters\RPA
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INCLUDE_PORT_IN_SPN_KB908209
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\PhysicalStores
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Volatile Environment
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Certificates
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CRLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\CTLs
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\SystemCertificates\MY\\Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\adobe.com
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adobe.com
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\

Processes

registry filesystem process services network synchronization

AcroRd32.exe PID: 488, Parent PID: 268

Volatility

Nothing to display.